1. Field of the Invention
This invention pertains in general to managing resources in a computer system and in particular to managing resources to conform with a Quality-of-Service (QoS) policy and provide computer security.
2. Description of the Related Art
A large data center can have hundreds or thousands of separate computers operating together to fulfill the processing needs of the data center. For example, the data center of an enterprise such as a large e-commerce site on the Internet typically has thousands of servers divided into different tiers. Servers in a web services tier operate the web servers that provide the user interface to customers of the site. Servers in an application tier operate the business logic that allows customers to shop on the site. Servers in a data tier provide database processing.
Managing and monitoring the operations of the computers in the data center is a significant problem. In typical configurations, each computer operates an operating system, each operating system executes one or more applications, and each application executes one or more threads. The resources of the computer must be allocated to the applications and threads in an efficient manner. Even small inefficiencies in resource allocation can have significant effects when multiplied by the large number of computers in the data center.
Moreover, computers and networks like those in a data center are susceptible to a variety of malicious software including worms and viruses. For example, a malicious end-user or automated software can exploit a flaw in an application run by a computer and introduce malicious software into the data center, where it can spread rapidly. The malicious software can destroy data, change configuration settings, spy on activities and capture data, and/or perform other malicious actions. There are security tools that seek to prevent malicious software from compromising computers. However, such tools can generate false positive results and block applications from performing legitimate functions, thereby resulting in a greater administrative overhead for the data center.
Therefore, there is a need for a way to effectively and efficiently allocate the resources of a computer system. There is also a need for a way to protect computers and networks from malicious software without increasing the administrative overhead resulting from false positives and the like.